Stored Cross-Site Scripting Vulnerability in DotNetNuke CMS by DNN Software
CVE-2021-31858

5.4MEDIUM

Key Information:

Vendor: Dnnsoftware
Status: Dotnetnuke
Vendor: CVE Published:; 20 July 2022

🔔 Create Dnnsoftware Vulnerability Alert

What is CVE-2021-31858?

The DotNetNuke (DNN) 9.9.1 CMS is susceptible to a stored cross-site scripting vulnerability within the user profile's biography section. This flaw enables remote authenticated users to insert and execute arbitrary code through a crafted payload. If exploited, this vulnerability can compromise the integrity of user data and lead to unauthorized access or actions within the CMS.

References

https://www.dnnsoftware.com/community/security/security-c...

x_refsource_MISC

https://labs.integrity.pt/advisories/cve-2021-31858/

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 20, 2022
Vulnerability Reserved
Apr 28, 2021